Pushing Back Against Enterprise Workplace Privacy Threats

Chances are that if you’ve read something about enterprise-level data privacy measures as of late, it heavily emphasizes the best way to manage customer data. Most of the attention in the space has focused on companies that collect information from their users. Considering the fact that nearly all firms that use at least some cloud-based workflows have to collect and store customer data, it stands to reason that this is the area of most concern for a majority of organizations.

However, it’s important not to forget about workplace data breaches. Your employees and your organization itself have a right to privacy. For that matter, you probably want to keep any digital resources you access at work relatively private too. A full 22 percent of data breaches happen as a result of simple mistakes, so it pays to devote at least some attention to this aspect of privacy.

Improving digital privacy in the workplace

According to some security researchers, the most common type of error people run into in the workplace is sending sensitive information to the wrong individual. Simply inputting the wrong address into a carbon copy line on a legacy email application is more than enough to cause a relatively massive breach. Once information is in the wrong hands, there’s no telling what might happen even if the individual on the other side is trustworthy.

Assume, for instance, that someone received an errant attachment filled with patient records. Individuals who wouldn’t have otherwise ever thought about maleficence could suddenly find themselves facing a fairly strong temptation. On the other hand, there’s the possibility that they themselves might be beyond reproach, but their inbox wasn’t as hardened as others in a particular circle of people, and this allowed some other person to gain access to the data in question.

One study conducted by Verizon found that more than 20 percent of privacy incursions somehow involved these or similar mistakes. It can be very difficult to ensure that everyone in an organization is ready and willing to keep an eye on each task that they do on a day-to-day basis, especially when work gets tedious and deadlines start to creep up on people.

Nevertheless, it’s very important to do so, especially when login credentials are concerned.

Protecting login identities in an uncertain world

People don’t often log into the wrong site with their own credentials due to the fact that password managers are ubiquitous. However, there is always the possibility of gross misconfiguration that allows outside users to access a database without even entering any password at all. Even the best professionals will sometimes miss the mark when it comes to long lists of configuration options. It’s easy to have your eyes glaze over while you’re trying to track down similar-looking properties sheets on dozens of nearly identical databases.

Machine learning has received a healthy amount of promotion as a solution to this kind of problem, but it can only go so far. An artificially intelligent agent will only know the right settings if it receives them to begin with. Improperly configured AI tools can do as much damage as individuals could. In some cases, it could actually be much worse because they’re able to reorient dozens of databases in a very short span of time.

Organizations that are concerned about these sorts of problems will probably want to do more than schedule regular in-house audits. Take a proactive approach and remind individuals working with any piece of sensitive information to think twice if they weren’t asked for credentials when accessing it. If they didn’t see the prompt that they were supposed to, then there’s a good chance that someone else hasn’t either.

Using the right kind of login system is important as well. Something based around AES-256 encryption, like the system used by Aura and other major security organizations, is going to be much safer than a dated algorithm like the infamous md5sum. Nevertheless, you’ll still run into problems no matter how safe your software is because there’s always the possibility of maleficence when others have physical access to your premises.

As a result, you’ll want to also think about how your actual premises are arranged.

Preventing unauthorized access in person

Whenever someone can gain physical access to a machine, they’re going to be able to do far more than they ever could remotely. Someone could sit down at a Unix workstation, such as a machine running macOS or GNU/Linux, and actually reset passwords to make their own backdoor. These machines are extremely secure on the net but the threat of physical access makes them a trap. Fortunately, there are a few ways to solve this problem.

Visitor badges shouldn’t ever last for more than a relatively short period of time. Once they’re used, they need to be deposited somewhere that outsiders won’t be able to grab onto them. Change out old credentials whenever someone leaves your organization. Though the risk that the individuals in question would ever use them against you is admittedly slim, there’s always a chance that some outside bad actor could take advantage of old credentials.

Naturally, you’ll also want to make sure that you know who comes in and out of your facility on a regular basis. Get to know your team and many of these privacy-related problems will be resolved that much more simply.


Staff Writer at CPO Magazine